Asa ietf radius authorization attributes – Cisco ASA 5505 User Manual
Page 1934
C-36
Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External RADIUS Server
ASA IETF RADIUS Authorization Attributes
lists the supported IETF RADIUS attributes.
IPv6-VPN-Filter
Y
219
String
Single
ACL value
Privilege-Level
Y
Y
220
Integer
Single
An integer between 0 and 15.
WebVPN-Macro-Value1
Y
223
String
Single
Unbounded. For examples, see
the SSL VPN Deployment Guide
at the following URL:
WebVPN-Macro-Value2
Y
224
String
Single
Unbounded. For examples, see
the SSL VPN Deployment Guide
at the following URL:
Table C-7
ASA Supported RADIUS Attributes and Values (continued)
Attribute Name
VPN
3000
ASA
PIX
Attr.
No.
Syntax/
Type
Single
or
Multi-
Valued
Description or Value
Table C-8
ASA Supported IETF RADIUS Attributes and Values
Attribute Name
VPN
3000
ASA
PIX
Attr.
No.
Syntax/
Type
Single or
Multi-
Valued
Description or Value
IETF-Radius-Class
Y
Y
Y
25
Single
For Versions 8.2.x and later, we
recommend that you use the
Group-Policy attribute (VSA 3076,
#25) as described in
:
•
group policy name
•
OU=group policy name
•
OU=group policy name
IETF-Radius-Filter-Id
Y
Y
Y
11
String
Single
Access list name that is defined on the
ASA, which applies only to full
tunnel IPsec and SSL VPN clients
IETF-Radius-Framed-IP-Address
Y
Y
Y
n/a
String
Single
An IP address
IETF-Radius-Framed-IP-Netmask
Y
Y
Y
n/a
String
Single
An IP address mask
IETF-Radius-Idle-Timeout
Y
Y
Y
28
Integer
Single
Seconds